02-07-2010 03:01 AM - edited 03-10-2019 04:56 PM
Hello
I configured AAA on FWSM; it works great except the accounting for telnet and ssh. This is my configuration:
aaa-server tacacs+ protocol tacacs+
aaa-server tacacs+ (inside) host xxxxxxx
key xxxxxxxxxx
aaa-server tacacs+ (inside) host xxxxxxxx
key xxxxxxxxxxxxx
aaa authentication telnet console tacacs+ LOCAL
aaa authentication ssh console tacacs+ LOCAL
aaa authentication enable console tacacs+ LOCAL
aaa accounting telnet console tacacs+
aaa accounting ssh console tacacs+
I am using ACS 4.1. With this config I expect to see a report in Report activities -> TACACS+ Accounting when I log in to the CLI by telnet or ssh. Is that right, or am I wrong?
Can you please help me to find where my mistake is?
Thank you in advance.
Best regards Antonello.
02-07-2010 06:24 AM
Hi Antonello,
The configuration is OK. Login reports for any configured device in ACS will be shown in Passed Authentication as successful authentication, and in TACACS accounting only the start and stop of the session for your authentication will be given, with the session id.
Hope to help
Ganesh.H
02-07-2010 09:45 AM
You might be hitting the following ACS bug, either install the mentioned patch or upgrade your ACS version:
Please rate if helpful.
Regards
Farrukh
02-08-2010 12:21 AM
Dear Ganesh and Farrukh, thank you a lot for your help.
What you said, Ganesh, is exactly what I expect to see. But when I log in to the device I see a Passed Authentication report but nothing in TACACS Accounting. I also tried to configure command accounting and it was working great, and I could find reports of the commands I typed in TACACS Administration. Anyway, for the other devices (routers and switches) TACACS Accounting is working.
I also don't think it is the bug which Farrukh sent, because that is about TACACS Administration logs.
In your experience, how can I check if the info is received from ACS? I mean, is there something like a debug command in ACS? Using debug aaa accounting I see that FWSM is sending info to ACS.
Any other tips and ideas are welcome.
Thank you very much,
Best regards Antonello.
02-08-2010 08:20 AM
Hi An,
If accounting is working for routers and switches then it doesn't look like an ACS issue. Run debugs on FWSM:
debug tacacs
debug aaa authentication
debug aaa accounting
Now check if it is sending accounting packets.
Regards,
~JG
Do rate helpful posts
02-10-2010 08:30 AM
Hi JG,
thanks for your answer.
I already tried; here is the result:
XXXXXXXX/admin# debug aaa accounting
XXXXXXXX/admin# start accounting for user: userX, session id: 549453844
stop accounting for user: amoneta, session id: 549453844
I am confused, because all seems to work great except I cannot get the ACS accounting reports.
Thanks a lot for your help.
Best Regards An (I like the way you call me).
12-15-2010 02:22 PM
Have you applied the 'aaa accounting command [tacacs+-server-tag]' command to your configuration?
To send accounting messages to the TACACS+ accounting server when you enter any command other than show commands at the CLI, use the aaa accounting command command in global configuration mode. To disable support for command accounting, use the no form of this command.
Eli